I've written and enforced HR policies across three companies and 100+ hires. Here are the ones that mattered, what they covered, and what I got wrong early on.
Most articles about HR policies hand you a generic list and tell you to “consult legal counsel.” I’ll do better than that. I’ve built HR policy frameworks from scratch at SaaS companies, managed international teams through Deel, and dealt with the real-world consequences of having weak policies, including a situation where a missing non-compete clause cost us a senior engineer who took proprietary knowledge to a direct competitor.
HR policies aren’t aspirational documents. They’re operational rules that protect the company and its employees. When they’re written well, they prevent problems. When they’re not written well, or not at all, they create them. I want to walk through the policies I’ve used, explain what each one covers, and share what I’ve learned from getting some of them wrong.
HR Policies Overview
HR policies are formal guidelines that define the rules, expectations, and procedures governing the relationship between an employer and its employees. They cover everything from how someone gets hired to how they leave. They set expectations for behavior, outline benefits, define disciplinary processes, and establish legal protections for both sides.
The number of policies a company needs depends on its size, industry, and the states it operates in. A 10-person startup might run with five core policies. A 500-person company with employees in multiple states needs 20 or more. The important thing is that each policy serves a clear purpose, is written in plain language, and is enforced. I’ve seen companies with beautiful employee handbooks that nobody reads and nobody follows. That’s worse than having no handbook at all, because it creates a false sense of compliance.
At my companies, I worked with my HR executive and outside employment counsel to build our policy set. We started with the legal essentials (at-will employment, anti-harassment, equal opportunity) and added policies as the company grew and new situations arose. By the time we had 80 employees, our handbook was 45 pages. Every policy in it existed because we’d either needed it or gotten burned without it.
At-Will Employment
At-will employment is the default employment relationship in 49 states (Montana is the exception). It means either the employer or employee can end the relationship at any time, for any lawful reason, with or without notice. Almost every company in the United States includes an at-will statement in its offer letters and employee handbooks.
The policy itself is straightforward, but the nuances matter. At-will doesn’t mean you can fire someone for discriminatory reasons or in retaliation for protected activity like filing a workers’ comp claim. It also doesn’t override contractual obligations if you’ve signed an employment agreement with specific terms.
I learned this the hard way. Early in one of my companies, we had a verbal conversation with an employee about guaranteed employment for 12 months. We didn’t put it in writing, but the employee had it in a personal email they’d sent to a friend after the conversation. When we later terminated them at month eight, they argued we’d created an implied contract. We settled for $15,000 to make it go away. After that, our at-will policy included explicit language stating that no verbal agreements could modify the at-will relationship, and every offer letter reinforced it.
Anti-Harassment and Anti-Discrimination
This is the most significant legal policy in any employee handbook. It defines what constitutes harassment and discrimination, establishes a reporting mechanism, outlines investigation procedures, and commits to non-retaliation. Federal law requires compliance with Title VII, the ADA, ADEA, and other statutes, but state laws often go further.
Our policy specified that harassment includes verbal, physical, and visual conduct that creates a hostile work environment. We listed protected categories (race, gender, age, disability, religion, sexual orientation, national origin, and others covered by applicable state law). We named two reporting channels: the employee’s direct manager and the HR department, so people had options if their manager was the problem.
California requires employers with five or more employees to provide sexual harassment prevention training every two years, with at least two hours for supervisors and one hour for non-supervisory staff. We used an online platform (Ethena) that tracked completion and sent reminders. It costs about $30 per employee per annum. States like New York, Illinois, and Connecticut have similar requirements with different specifics.
Employment Contracts and Confidentiality
Beyond at-will employment, many companies use additional agreements for specific situations. These include confidentiality agreements (also called NDAs), invention assignment agreements (critical for tech companies), and sometimes non-compete clauses.
I use confidentiality agreements with every employee and contractor. The agreement protects trade secrets, customer lists, financial data, and proprietary methodologies. When one of our senior engineers left to join a competitor, the confidentiality agreement gave us legal standing to send a cease-and-desist when we discovered they were using our proprietary code architecture at their new company. Without that agreement, we would have had limited recourse.
Non-competes are a different story. The Federal Trade Commission issued a rule attempting to ban most non-competes in 2024, though enforcement has been challenged in court. Several states, including California, have already banned non-competes for employees. In states where they’re still enforceable, courts tend to require them to be narrow in scope (specific geography, limited time period, reasonable industry definition). I’ve stopped using non-competes and rely on strong confidentiality and invention assignment agreements instead. They protect what matters without restricting someone’s ability to earn a living.
Paid Time Off and Leave Policies
PTO policy is one of the areas where companies differentiate themselves. Some offer unlimited PTO (which means less vacation taken, according to multiple studies, including one by Namely that found that employees with unlimited PTO take an average of 13 days, versus 15 days under traditional plans). Others use accrual-based systems where employees earn a set number of days per month or year.
At my companies, we settled on a structured PTO policy: 15 days of PTO for employees in their first two years, 20 days after year two, and 25 days after year five. We tracked it through Rippling and required manager approval for absences longer than three consecutive days. We also provided 10 paid holidays and three personal days.
Leave policies also include FMLA compliance (required for companies with 50+ employees), which provides up to 12 weeks of unpaid, job-protected leave for qualifying reasons like childbirth, adoption, or serious health conditions. Some states, like California, New York, and Washington, have state-level paid family leave programs that supplement FMLA. Our policy referenced both federal and state requirements, so employees knew their rights.
Bereavement leave is another component. We provided five days for immediate family members and three days for extended family. It was one of those policies we didn’t think much about until we needed it, and having clear terms in writing saved both the grieving employee and their manager from an awkward conversation about how much time was appropriate.
Code of Conduct
The code of conduct sets behavioral expectations for everyone in the organization. It covers professional behavior, dress code (if applicable), use of company resources, social media conduct, and ethical standards. It’s the policy that defines “how we work here.”
Our code of conduct was short. We avoided the kind of 30-page documents that read like legal disclaimers. Instead, we focused on five principles: treat people with respect, communicate well, protect confidential information, use company resources in a responsible manner, and report concerns without fear of retaliation. Each principle had two or three concrete examples so people knew what it looked like in practice.
The social media component has become quite important. Our policy stated that employees could post about their work in general terms but couldn’t share confidential information, make statements on behalf of the company without authorization, or post content that would violate our anti-harassment policy. We didn’t try to control personal opinions, but we drew a line at anything that could create legal liability for the company.
Workplace Safety and Injury Reporting
OSHA requires all employers to provide a safe workplace, and companies with more than 10 employees must maintain records of work-related injuries and illnesses. This policy covers reporting procedures, workers’ compensation claims, and return-to-work protocols.
For office-based and remote companies, workplace safety looks different than manufacturing or construction. Our policy covered ergonomic setup guidelines for remote workers, procedures for reporting injuries (even at home during work hours, which is a gray area that keeps employment lawyers busy), and emergency procedures for our office space.
Workers’ compensation insurance is mandatory in most states and covers medical expenses and lost wages for employees injured on the job. The policy should state how to report an injury, what documentation is needed, and what the company’s obligations are under state law. We included our workers’ comp carrier’s contact information in the handbook.
Remote Work and Flexible Arrangements
With the proliferation of outsourcing, remote work policies went from rare to essential between 2020 and 2022. Even companies that have returned to office-first models need a policy that defines expectations for employees who work remotely, whether full-time, hybrid, or just on occasion.
Our remote work policy specified eligible roles (not all positions qualified), equipment provisions (the company provided a $1,500 home office stipend for full-time remote employees), communication expectations (cameras on for team meetings, available on Slack during core hours of 10 AM to 4 PM in the employee’s local time zone), and data security requirements (company VPN required for accessing internal systems).
The tax and compliance implications of remote work are significant and often overlooked. An employee working from a different state may create nexus for state taxes, require the company to register as an employer in that state, and subject the company to that state’s employment laws. We discovered this when an employee moved from Texas to California without telling us, which meant we needed to comply with California’s stricter employment laws for that individual, including providing an updated employee handbook supplement. Our remote work policy now requires employees to notify HR before relocating to a different state.
Disciplinary Process and Termination
This policy defines how the company addresses performance issues and employee misconduct, and how employment can be terminated. A clear disciplinary process protects the company and gives employees a fair chance to correct problems.
Our process followed a standard progressive discipline model: verbal warning, written warning, performance improvement plan (PIP), and termination. Each step required documentation. The written warning included the specific issue, expected improvement, timeline, and consequences of not improving. PIPs ran 30 to 60 days with check-ins done once per week.
The policy also addressed immediate termination for serious offenses: theft, violence, harassment, disclosure of confidential information, and working under the influence. These situations bypassed progressive discipline.
Termination procedures included a checklist covering final paycheck timing (which varies by state, with California requiring payment on the last day of work), COBRA notification, return of company property, and revocation of system access. Our HR team ran through this checklist for every departure, voluntary or involuntary, to make sure nothing was missed.
Having a clear process documented in policy saved us multiple times. When a terminated employee claimed wrongful termination, we had written documentation of every warning, every conversation, and every opportunity to improve. The claim was dropped after our attorney presented the documentation.
Final Thoughts
Looking at all of these policies together, the pattern is clear. Good HR policies prevent the problems you don’t want to deal with and provide a framework for handling the ones you can’t avoid. I’ve made mistakes, like the missing non-compete I mentioned, the verbal employment guarantee that became a $15,000 lesson, and a leave policy that was so vague nobody knew what they were entitled to. Every one of those mistakes turned into a better policy. The companies that treat HR policies as living documents, reviewed once a year and updated when laws or circumstances change, are the ones that avoid the expensive surprises.
FAQ
Here, I answer the most frequently asked questions about HR policies.
How often should HR policies be updated?
Review the full handbook once per year. Update individual policies whenever relevant laws change, when you enter a new state, when you cross employee count thresholds (like 50 employees for FMLA), or when a specific situation reveals a gap. At my companies, our employment attorney reviewed the handbook every January and flagged any state or federal changes that required updates.
What are the most essential HR policies for a startup?
Start with five: at-will employment, anti-harassment and anti-discrimination, confidentiality agreement, PTO and leave, and a basic code of conduct. These cover the highest-risk areas. Add remote work, disciplinary process, and workplace safety policies as you grow past 20 employees. You can always add more, but these five cover the legal essentials.
Who is responsible for enforcing HR policies?
HR owns policy creation, communication, and compliance monitoring. Managers enforce policies day to day. Employees are responsible for reading and following them. At my companies, every new hire signed an acknowledgment that they’d received and read the employee handbook. That signature was critical documentation in any future dispute.
Can HR policies vary between departments?
Yes, but core policies like anti-harassment, at-will employment, and leave must apply across the organization. Operational policies like dress code, schedule flexibility, or remote work eligibility can vary by department or role. The key is that any differences are based on legitimate business reasons and documented, not applied at random.
What should an employee handbook include?
At minimum: company mission and values, at-will employment statement, anti-harassment and EEO policy, compensation and benefits overview, PTO and leave policies, code of conduct, disciplinary process, safety procedures, and an acknowledgment page. Companies with 50 or more employees should also include FMLA information and ACA-related benefits details.
How do HR policies protect the company legally?
Documented policies create a record of expectations. If an employee claims they weren’t aware of a rule, the signed handbook acknowledgment shows they were. If a termination is challenged, the documented disciplinary process shows due process was followed. Consistent enforcement of policies also protects against discrimination claims, because the company can demonstrate that rules were applied equally.